The company says that 90,000 customers’ sensitive information, such as driving licenses and Social Security numbers, was left unprotected for two years.
According to the German automaker, more than 3.3 million Volkswagen and Audi customers had their data exposed for more than two years. In a letter, which Nerdshala obtained and reported on Friday, VW informed Maine’s attorney general about the security lapse. The data comes from individuals who did business with VW or Audi between 2014 and 2019, and the unsafe period lasted two years between 2019 and 2021.
Volkswagen confirmed the breach.
“We recently discovered that an unauthorized third party obtained limited personal information from customers and interested buyers that Audi, Volkswagen and certain authorized dealers in the United States and Canada use for digital sales and marketing activities,” a spokesman said. in a statement. “We apologize for any inconvenience that our current or potential customers may cause. As always, we recommend that individuals be on the alert for suspicious emails or other communications that provide them with information about themselves or their vehicle. can be asked to do.”
Most of the data used for marketing purposes included names, addresses, emails and phone numbers. However, the letter states, the vulnerability may have leaked more sensitive information of 90,000 customers to be used during loan eligibility processes when buying a car. Potentially exposed information included a “very small” number of dates of birth, driver’s license numbers and Social Security numbers, the company said.
“We are notifying all affected individuals directly, even if we are required to do so by law, and will provide free credit protection services to approximately 90,000 individuals for whom sensitive information was included,” the statement said.